Great Bay Software
http://greatbaysoftware.com

Getting the NAC of Juniper Unified Access Control
http://greatbaysoftware.com/getting-the-nac-of-juniper-unified-access-control/
Fri, 27 Mar 2015 14:43:20 +0000

A network access control solution like Juniper Unified Access Control (UAC) – now part of Pulse Secure – is valuable for securing user-based devices, but many organizations require additional security tools operating in tandem with this solution for more comprehensive access control. There are two major areas where an additional solution, like Great Bay Software’s Beacon product suite, can strengthen your NAC initiative.

The first is with a complete inventory of all network-attached devices before implementation. We often hear that the deployment of Juniper UAC can be a bit tricky without a full inventory of all the endpoints touching the network. Great Bay Software’s endpoint profiling solution can automatically identify every endpoint on your network so you can ensure each device you want Juniper UAC’s software deployed on can be quickly recognized and handled.

The second is with authentication capabilities for non-user endpoints that an agent cannot be placed on. Deep insight into user-based devices that are able to run an agent is what Juniper UAC excels at providing. Non-computing endpoints are left out of the equation, though. Achieving complete network access control is accomplished by adding an endpoint profiler and authentication technology that is applicable to the entire network, which the Beacon product suite provides.

Fumbling around in the dark

Most companies lack an understanding of all the endpoints that are touching the corporate infrastructure. As a result, it can be overwhelming to figure out all the devices Juniper UAC needs to be deployed on. The manual effort it takes to track down all of the devices that need to be encompassed in implementation can take thousands of hours.

The network landscape also changes frequently. Without an automated solution, it’s incredibly difficult to know from one minute to the next if you have missed a device or if a new one has joined the network. It can be very easy to overlook a device that should be secured with Juniper UAC as a result. Neglected devices leave the network vulnerable because any unmonitored endpoint can serve as a potential entry point for invasion.

Don’t neglect your endpoints. Automatically identify every endpoint on your network with the Beacon product suite. Then, monitor everything in real-time so you can see any new devices that try to access the system, ensure proper patching and network upgrades and be instantly alerted if an endpoint starts behaving uncharacteristically.

Too many blind spots

Access control is only partially effective when non-computing endpoints are not included in the initiative. That’s because the non-user based endpoints, unaddressed by Juniper UAC, leave security blind spots. Those blind spots permit vulnerabilities on the network.

Management of all endpoints – computing and non-computing – along with network-based authentication can be achieved when Great Bay Software’s Beacon product suite is added alongside Juniper UAC. With this technology, when any endpoint starts behaving out of character, it can be automatically placed in quarantine or completely removed from your network – even if it is not supported by your NAC solution.

Whitelists are a bit fuzzy

Some organizations have attempted to work around Juniper UAC’s coverage gap by creating a whitelist to automatically allow non-user based endpoints onto the network. Often this proves to be an unsuccessful security tactic, though, because criminals can spoof the MAC addresses of these endpoints in order to easily plug into the network without detection.

Even worse, some of these organizations ultimately opt to leave some ports open because setting up the whitelist proves too challenging. This completely negates the purpose of a NAC solution. Instead of the network access control you want, the network becomes even more vulnerable to the potential of unauthorized devices getting on it.

Solve this problem with the Beacon product suite. It provides access control for every network-attached endpoint – so nothing will access your network without proper onboarding.

Beacon: a bright idea for a solid foundation

Great Bay Software’s Beacon product suite is often paired with Juniper UAC to help companies enhance their network access control capabilities. If you are currently struggling with implementing Juniper UAC or only have a portion of your network covered with the solution, we can help you.

Contact us today to start laying the foundation for an ample Defense in Depth strategy.

Discover the benefits

Our clients have often noted they wouldn’t attempt a NAC deployment without Beacon. Usually, that is after they’ve tried and failed first. Want to be sure you are on the right track for an implementation? Download the article: 5 keys to unlock an easy network access control implementation

BYOD + IoT: More endpoints, more problems
http://greatbaysoftware.com/byod-iot-more-endpoints-more-problems/
Wed, 11 Mar 2015 19:00:54 +0000

According to research conducted by the Enterprise Strategy Group, IT security professionals believe an increase in the number of overall devices on the network is a top factor in why networks have become more difficult to protect. Part of the reason networks are growing so rapidly is the proliferation of Bring Your Own Device (BYOD) and the Internet of Things (IoT).

More devices create a broader network surface area for attackers to break in. This means that the threat of unauthorized access is a greater concern than ever. After all, MAC spoofing has been reported to be the initial move behind attacks.

BYOD

BYOD initiatives mean the landscape of computing devices accessing the network is constantly shifting. Unless there are significant safeguards in place, this makes it extremely difficult to distinguish friend from foe in regard to network access.

You lose control when employees use their own devices and networks to store and transmit company data. The same is true when employees use company-owned devices for personal purposes.

Each of these increases the risk that an unauthorized person can access sensitive information on your network.

In many cases, BYOD initiatives are no longer optional as organizations compete to enable the most lucrative and agile environments. Often the desire for a BYOD landscape can come from the very top, with executives who want to be able to work from their tablet or phone both on- and off-site.

Convenience for the end user is a must. Employees, especially executives, do not have time to jump through hoops to access the network. These individuals often prefer a low barrier to adding a new device to the network, especially in BYOD environments.

IoT

Endpoints inside your company that you may never have imagined connecting to the Internet could now be a part of your network as well. Endpoints are evolving to encompass new capabilities intended to make life easier. It really is incredible what innovators are coming up with.

For each of these ingenuities to work, the devices involved need network access. Until recently, though, there’d be little reason to believe any of these types of endpoints would be attached to the corporate network.

Therein lies the problem. According to this New York Times report, “Hackers Lurking in Vents and Soda Machines,” IoT endpoints can all-too-easily become the entry point for a network attack because these endpoints are often weakly secured and added to the network organically.

Because these drastic changes in technology are so recent, many organizations aren’t even aware that endpoints like this are a part of their corporate network, which means those MAC addresses could easily be spoofed without detection. Criminals can then use the MAC address of these unmonitored endpoints to disguise their own device – like their computer – to do damage.

Identify every endpoint to increase your defenses

What is needed is a comprehensive look at the network coupled with deep contextual knowledge of each endpoint. If you can see every network-attached endpoint in real-time, nothing should be able to enter the network without detection. If you have rich contextual knowledge of each of those endpoints, you’ll see not only the MAC address of the device but also many added data points about it. This powerful context can confirm whether or not a MAC address fits a device – so you can quickly put a stop to unauthorized access to your network.

Great Bay Software’s technology works by dynamically pulling together data gathered from a variety of sources to create and maintain a comprehensive picture of the network and each endpoint on it. Our solution will tell you:

What every network-attached endpoint is

Where each endpoint is located

How each endpoint is behaving

If an endpoint starts behaving uncharacteristically, you can be automatically notified. The instant notification, combined with real-time and historical location information, will allow you to identify and address issues quickly.

BYOD and IoT endpoints don’t have to weaken your network defenses. Arm your team with comprehensive insight into everything touching your network to ensure you have quick incident response capabilities. Contact us today for more information on how we can help you.

Breaches pointing out the ‘pass’ in password
http://greatbaysoftware.com/breaches-pointing-out-the-ass-in-password/
Wed, 04 Mar 2015 15:39:10 +0000

User credentials are intended to give you an added layer of network security. They’re designed to allow for further control concerning who and what is entering your network. Lately, though, they’ve been part of the problem.

A recent report found over one-third of security breaches in the retail sector started with a third-party vendor’s credentials. To make matters worse, some of the most damaging data breaches have involved credentials stolen from a third-party.

Breaches like the ones at these companies can have serious consequences:

The cost of the breach to Sony alone has been estimated to reach as much as $100 million. One of the largest retail breaches ever, The Home Depot exploit was last estimated to cost $63 million so far.

No back-end protection

Passwords only work to enforce access to computing devices. Especially with the proliferation of the Internet of Things (IoT), there are many network-attached endpoints that are left out of the equation with a security strategy that relies heavily on passwords.

Because of the IoT evolution, endpoints touching the network have evolved to include HVAC systems, vending machines, sprinkler systems and many others.

Without a different authentication method to address enforcement of access control on these endpoints, major blind spots on network security remain.

Outlying endpoints can cramp your security style

These readily overlooked endpoints, which passwords do not protect, have proved to be an even greater threat to companies. According to this New York Times report, “Hackers Lurking in Vents and Soda Machines,” third-party suppliers are involved with 70 percent of all data breaches. IoT endpoints can all too easily become the entry point for a network attack, because – according to the report – these devices are often weakly secured and added to the network organically.

In “The Hidden IT Security Threat: Multifunction Printers,” it’s argued that security of multifunction printers alone needs to be taken more seriously. It goes on to note only 6 percent of employees believe their multifunction printer poses the biggest threat to the company network. Compound these concerns with the 1.2 billion devices connected to the Internet now and there is a very serious problem. It’s an issue that clearly can’t be solved with reliance solely on password protection.

A remedy for password pains

One way to ensure complete network protection is to authenticate all of your network-attached endpoints. That means authenticating even those IoT endpoints where access control cannot be enforced via password. Some solutions have advanced to provide this capability.

Our specialists skilled in a Defense in Depth approach to network security at Great Bay Software can help alleviate the distress of spotty security. Contact us today to learn more.

3 questions to ask network security vendors
http://greatbaysoftware.com/3-questions-to-ask-endpoint-security-vendors-to-ensure-youll-be-protected/
Fri, 27 Feb 2015 15:36:05 +0000

According to the Identity Theft Resource Center, data breaches tracked in the United States alone hit a record high of 783 in the past year – up significantly from the year before. Worldwide tracking of data breaches revealed more than 1,500 exploits led to the compromise of a billion records. That number just continues to climb and so does the expense of this crime to companies.

A new report from the Ponemon Institute indicates that the average cost of a data breach rose 15 percent over the past year, reaching $3.5 million. With the mounting risks of a data breach and the significant costs associated with it, it is critical for organizations to take action to protect against network attacks.

Is that Defense in Depth strategy safeguarding you?

How do you ensure you are implementing a technology that is going to get you the level of protection you need? In Ponemon’s Cyber Strategies for Endpoint Defense report, about 20 percent of organizations listed using at least 11 different controls to protect their system. Yet, many IT professionals still admitted to struggling with endpoint security.

You need protection that’s going to truly combat your greatest dangers. According to another report by the Ponemon Institute, the latest Cost of Data Breach Study: Global Analysis, threats from malicious code and sustained probes have increased. There are also still a great number of unauthorized access incidents. Companies report seeing a monthly average of:

17 malicious codes

12 sustained probes

10 unauthorized access incidents

Put vendors to the test

Here are three questions to ask network security vendors in order to ensure you get the right level of protection against these threats with your next technology implementation.

Does your system give me complete visibility of every single network-attached endpoint?

You can’t secure what you don’t have any insight about. One way to ensure your organization does not fall victim to incidents of unauthorized access is to make sure you have complete network visibility. This means you can see each and every device attached to your network, you know what it is and where it’s located.

Endpoints that many tend to overlook on the network have a history of creating security blind spots. These endpoints should also be included in a comprehensive protection strategy.

This means devices like:

Thermostats

HVAC systems

Sprinkler systems

…to list only a few examples. More traditionally acknowledged endpoints – such as PCs, tablets, smartphones, etc. – should also be included in the complete picture of your entire network.

Unfortunately, many vendors will say their solution provides complete network visibility when that’s not the case. There are endpoints not covered. That leaves unknown blind spots unaddressed and vulnerable to network exploits.

Only 33 percent say their organization’s approach to endpoint security takes into account the Internet of Things.

This deficit reveals major network vulnerabilities. True protection begins with complete network visibility. One way to ensure a solution will actually reveal every single endpoint attached to the network is to compare it against several others making the same claim with a proof of concept exercise.

Does your solution provide me with contextual behavioral insight about each and every endpoint on my network in real- and historical-time?

One approach to protecting your network from the malicious code and unauthorized access incidents plaguing companies every month is to deploy software that is capable of delivering real-time continuous behavior monitoring of each endpoint. A solution that monitors the behavior of each network-attached endpoint in real- and historical-time can give you insight if any endpoints start acting uncharacteristically.

Here are examples of uncharacteristic attributes that you may want to be alerted about:

A device with the MAC address of a printer on the network begins surfing the web

Your HVAC system begins communicating with devices in a way that is not expected

An unknown and unauthorized device attempts to access the network

These behaviors are pretty good indicators that something is in need of attention on the network. The first could indicate unauthorized access via MAC spoofing. The second could indicate malicious code affecting the system. The last point speaks to the potential for rogue devices and access points to try to access the network.
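The three alert conditions listed above can be expressed as checks of observed traffic against a per-device baseline. The following is an added example, not Great Bay Software's code or a description of how Beacon works; the inventory, MAC addresses, baselines and flow records are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    device_class: str
    ports: frozenset   # destination ports this device normally connects to
    peers: tuple       # CIDR blocks this device normally talks to


@dataclass(frozen=True)
class Flow:
    src_mac: str
    dst_ip: str
    dst_port: int


# Constructed inventory: locally administered MACs, hypothetical baselines.
INVENTORY = {
    "02:00:00:00:00:01": Profile("printer", frozenset({53, 123, 445}), ("10.0.0.0/8",)),
    "02:00:00:00:00:02": Profile("hvac", frozenset({47808}), ("10.20.5.10/32",)),
    "02:00:00:00:00:03": Profile("workstation", frozenset({53, 80, 443}), ("0.0.0.0/0",)),
}

# How each finding code maps onto the readings given in the text.
MEANING = {
    "unknown_device": "not in inventory: possible rogue device or access point",
    "unexpected_service": "traffic does not fit the device class: possible MAC spoofing",
    "unexpected_peer": "peer outside baseline: possible malicious code or misconfiguration",
}


def normalize_mac(mac):
    """Accept 02-00-... or 02:00:... in any case; return lower-case colon form."""
    return mac.strip().lower().replace("-", ":")


def evaluate(flow, inventory=INVENTORY):
    """Return the finding codes for one flow (empty list means it fits the baseline)."""
    profile = inventory.get(normalize_mac(flow.src_mac))
    if profile is None:
        return ["unknown_device"]
    findings = []
    if flow.dst_port not in profile.ports:
        findings.append("unexpected_service")
    addr = ipaddress.ip_address(flow.dst_ip)
    if not any(addr in ipaddress.ip_network(cidr) for cidr in profile.peers):
        findings.append("unexpected_peer")
    return findings


def triage(flows, inventory=INVENTORY):
    """Group de-duplicated findings per MAC; endpoints with no findings are omitted."""
    report = {}
    for flow in flows:
        found = evaluate(flow, inventory)
        if found:
            report.setdefault(normalize_mac(flow.src_mac), set()).update(found)
    return {mac: sorted(codes) for mac, codes in report.items()}


# Constructed flow records (203.0.113.0/24 is a documentation range).
SAMPLE_FLOWS = [
    Flow("02:00:00:00:00:01", "10.0.0.53", 53),       # printer doing DNS: normal
    Flow("02:00:00:00:00:01", "203.0.113.10", 443),   # "printer" browsing the web
    Flow("02:00:00:00:00:02", "10.20.5.10", 47808),   # HVAC to its controller: normal
    Flow("02:00:00:00:00:02", "10.20.9.77", 445),     # HVAC reaching a file share
    Flow("02-00-00-00-00-03", "203.0.113.10", 443),   # workstation browsing: normal
    Flow("02:00:00:00:00:99", "10.0.0.5", 22),        # MAC never profiled
]

if __name__ == "__main__":
    for mac, codes in triage(SAMPLE_FLOWS).items():
        for code in codes:
            print(f"{mac}  {code}: {MEANING[code]}")
```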

In any case, even if the situation is simple misconfiguration, network teams will be able to better protect the network with the insight. Deep contextual insight about each endpoint – down to an understanding of what operating system an endpoint is running on – will also help with network planning and configuration. With it you can ensure devices stay up-to-date with the most relevant patches and protection, for example.

There are many solutions that provide a deep understanding of PCs and other traditional computing devices via agents. While there is a lot to be gained from this type of software, these solutions tend to fall short when it comes to addressing the other endpoints on the network that cannot handle an agent. These shortcomings come both in offering full visibility of all endpoints and in the depth of insight provided about non-computing devices.

Will your solution tell me where each endpoint is located?

Location information is extremely important for addressing all three of these types of network attacks.

Without location information:

You may be able to see malicious code affecting some component of your network, but you can’t tell where – so you can’t address it.

If an unknown and unauthorized device or access point sets up shop on your network and you know about it but don’t know where, you can’t stop it from doing damage.

You may be able to tell when a probe breaches the perimeter, but if you can’t see where or what it’s affected, it can cause major issues.

According to the 2014 Data Breach Investigations Report by Verizon, the majority of data breaches take weeks, if not months, to discover. The report also indicates law enforcement and third parties are more often the ones to make the discovery than internal sources. As time ticks on, an unaddressed compromise to the network allows more and more data to be extracted and damage to be done – ultimately leading to greater costs to the company.

Put the best to the test

Great Bay Software’s Beacon product suite has the ability to provide you with all the advantages listed above, for true network security.

The Beacon product suite allows you to:

Identify. Beacon Endpoint Profiler is capable of identifying and profiling every network-attached endpoint.

Monitor. Beacon Endpoint Profiler also provides rich information in real-time about where the endpoint is located on the network and if its behavior is consistent with its profile.

Enforce. Beacon for Authentication allows you to enforce access control to your network. So if any uncharacteristic behavior presents itself, an instant alert can be generated and the device can be asked to re-authenticate. If it fails authentication, the device can be automatically placed in quarantine or removed.

Clients rave about the warehouse of context we are able to provide about each network-attached endpoint. We consistently outperform competitors when it comes to providing a comprehensive picture of the network and rich context without the need for agents.

You can take back control of your network with a superior technology that has the ability to give you deep insight into every endpoint touching it. Contact the network security experts at Great Bay Software today to gain more clarity about all ways the Beacon product suite can protect you.

Redefining NAC: Why some solutions are not enough
http://greatbaysoftware.com/redefining-nac-why-some-solutions-are-not-enough/
Thu, 26 Feb 2015 15:39:36 +0000

In her white paper, “Catching the Unicorn: A technical exploration of why NAC is failing,” Jennifer Jabbusch writes:

“One of my theories in networking, and IT in general, is that we (as technologists) get too caught up in the gadgets, gizmos and check boxes of our world, often to the detriment of understanding the overall business goals. We find ourselves too involved in the minutia of daily tasks that we fail to see the big picture and forget WHY we’re implementing all these technologies.”

She goes on to talk about how “the larger industry fosters a melting pot of NAC terminology that has no meaning.” To that end, NAC has come to be understood by many as a type of product that offers deep insights about some devices via an agent – or other product offers with some NAC-like features. These don’t get to the heart of the problem companies are really trying to solve with this framework. Really, Jabbusch emphasizes, successful NAC: “will not be a product; it will be a set of features.”

While this white paper was written some time ago, the points in it still remain true today.

Holes in vendor-proclaimed NAC

Those four features that make up NAC as a security concept include:

Authentication

Access rights

Endpoint integrity

Behavior monitoring

Let’s focus for a moment on the supplicant-specific technology that vendors often describe as a NAC product.

Authentication. In some cases, vendors are unable to authenticate devices that don’t run an agent or take user credentials. As a result, some agent-based technologies ask administrators to create whitelists to catalogue devices approved for the network. Whitelisted endpoints are identified by their MAC addresses only. Whitelisting is a vulnerable authentication method since MAC addresses can easily be stolen and used to gain unauthorized access. Even when a NAC vendor provides an additional solution to cover these devices, some have found it is often not at a level of depth and scope that is ideal.

Access rights. For devices that can authenticate, these vendors provide another layer of protection with credential-based access rights. That is an added protective measure for those devices that are able to utilize credentials. More and more companies are finding this type of access right to be ineffective, though. A recent report found over one-third of retail security breaches started with a third-party vendor’s credentials. Multi-factor authentication may prove to be a more secure form of access control. Unfortunately, again, it only covers a specific subset of devices attached to the network.

Endpoint integrity. Vendor-proclaimed NAC technologies do provide a great deal of context about each device able to run an agent. In fact, the level of detail provided about each individual device able to run an agent surpasses other offerings. So this does allow a deep level of endpoint integrity for the subset of devices that can operate an agent.

Consider these passages from “Catching the Unicorn:”

“To most consumers of the technology, endpoint integrity is NAC. The correlation is odd, since the vast majority of organizations looking at NAC are not looking at it to satisfy endpoint integrity needs.”

“Many organizations may choose to implement a NAC solution or NAC-like features with other feature components and reduce cost and complexity by omitting endpoint integrity all together.”

Behavior monitoring. Again, agent-based software does provide a deep level of context about the endpoints that are able to run it. This does, to a certain degree, speak to the ability to understand the health of these specific devices and particular malicious behaviors that may be present on them. Certain vendors couple their agent-based software offering with another technology that captures some level of data about more of the outlying network endpoints that are not covered by agents. In our experience, these tools do not offer comprehensive insight about the scope of the network or each endpoint contained therein. It is better than no protection but security blind spots remain.

Shining a light on blind spots with Great Bay Software

The security gap keeping these solutions from providing a true NAC framework is a comprehensive look at the entire network coupled with deep contextual knowledge of each endpoint. If you can see all of your network-attached endpoints in real-time, nothing should be able to enter the network without detection. Dynamically compiled data gathered from a variety of informational sources can give you a rich contextual knowledge of each of those endpoints. This powerful context can confirm whether or not an endpoint’s MAC address is a fit for it – further limiting instances of unauthorized access – which is one of the most prevalent threats to companies. This can be accomplished with our Beacon product suite.

With our solutions, you will also be alerted if any device on the network begins behaving in a way that is uncharacteristic of it. If a printer begins surfing the web, for example, you’ll be notified. Even better, this wealth of context has been proven to greatly reduce incident response times. In addition to understanding the device’s identity, you’ll be able to see where it is and where it has been on the network. This way, when your IDS does detect anomalous behavior you can quickly locate the source and take action.

Our team members at Great Bay Software are experts in a true NAC foundation and we have helped many organizations bridge the security gaps left by other systems. We can help you, too.

Incident response: The high price tag on lag time
http://greatbaysoftware.com/incident-response-the-high-price-tag-on-lag-time/
Wed, 25 Feb 2015 14:37:47 +0000

Seeing and shutting down illegal network attacks can be incredibly difficult. Event alerts from security solutions often lack proper context.

A Ponemon Institute survey found that in 28 percent of malicious attacks, respondents could not find the source of the breach. That study also noted IT professionals believe understanding where the breach originated would help them enhance their security posture and incident response time. The majority, though, reported not having the capabilities to determine the source of the problem.

According to the 2014 Data Breach Investigations Report by Verizon, the majority of data breaches take weeks, if not months, to discover. The report also indicates law enforcement and third parties are more often the ones to make the discovery than internal sources. This creates serious risk for organizations.

The ticking clock creates a rising toll

As time marches on, an unaddressed compromise to the network allows more and more data to be extracted and major damage to be done – ultimately leading to greater costs to the company.

For example, recent reports indicate the data breach at health insurance provider Anthem started nine months before the company discovered the intrusion. If the company could have stopped the attack sooner, it may have been able to keep the nearly 1 billion records that were compromised safe. The hundreds of millions – if not billions – of dollars the massive exploit is expected to cost the company might have also been salvaged.

Even worse, the security breach at Goodwill lasted 18 months. Reports have indicated that the company was first informed about a possible attack as early as July of 2014, but it wasn’t until early September that the organization was able to confirm it. That clarity only came with the help of an independent cyber investigative team Goodwill hired.

Paying so much more than your dues

These are just two of many examples of breaches that took months to discover and correct: JP Morgan Chase, Home Depot and, perhaps most famously, eBay are some other principal illustrations.

When responding to an incident, detection is the most costly internal activity, followed by recovery, according to another recent report by the Ponemon Institute. Annually, detection and recovery costs combined make up 53 percent of the total cost to a company to mitigate cyber attacks. Breaking it down further, the loss in productivity makes up a great portion of the costs involved in the added work for incident response.

Salvaging security and profits

If you can detect incidents effectively and mitigate the risks quickly, you can potentially keep some of them from becoming breaches. As evidenced earlier, despite a Defense in Depth approach at many organizations, security blind spots remain on the network. Event alerts often don’t allow for quick incident response action to be taken either.

Great Bay Software has often proven to be the missing link for companies in alleviating security blind spots and providing real-time location information about endpoints. With the rich context provided by Beacon Endpoint Profiler, companies can see the entire network and gain perspective about each endpoint on it. The location information, for example, allows administrators to more easily pinpoint where an endpoint that is creating an alert currently is – and where it was – for quick incident response.

The Ponemon report referenced earlier advises there is “a significant cost-reduction opportunity for organizations that are able to systematically manage recovery and to deploy enabling security technologies to help facilitate the detection process.” Our team of security professionals is here to help you with incident response when you’re ready.

Data breaches demonstrating the crippled state of security
http://greatbaysoftware.com/the-crippled-state-of-network-security/
Tue, 24 Feb 2015 14:38:58 +0000

According to the Identity Theft Resource Center, data breaches tracked in the United States alone hit a record high in the past year – and it was a nearly 28 percent increase over the number of data breaches reported the year before. Worldwide tracking of data breaches revealed more than 1,500 exploits led to the compromise of a billion records. That number just continues to climb and so does the expense of this crime to companies.

A new report, from the Ponemon Institute, indicates that the average cost of a data breach rose 15 percent over the past year, reaching $3.5 million.

The problem seems to slip past many solutions

How do you ensure you are implementing a technology that is going to get you the level of protection you need? About 20 percent of organizations have listed using at least 11 different controls to avoid data breaches. Yet, many IT professionals still admitted to struggling with endpoint security according to the Cyber Strategies for Endpoint Defense report.

Companies report seeing a monthly average of:

17 malicious codes

12 sustained probes

10 unauthorized access incidents

That’s according to the report, Cost of Data Breach Study: Global Analysis. Threats from malicious code and sustained probes have increased. There are also still a great number of unauthorized access incidents. You need protection that’s going to truly combat data breach risks.

The risk remains

Only 33 percent say their organization’s approach to endpoint security takes into account the Internet of Things.

This deficit reveals major network vulnerabilities. According to the 2014 Data Breach Investigations Report by Verizon, the majority of data breaches take weeks, if not months, to discover. The report also indicates law enforcement and third parties are more often the ones to make the discovery than internal sources. As time ticks on, an unaddressed compromise to the network allows more and more data to be exfiltrated and damage to be done – ultimately leading to greater costs to the company.

One missing piece of the puzzle

So what can be done? Could a more comprehensive view of the network coupled with a warehouse of context about each network-attached device help mitigate these issues? At Great Bay Software we’ve discovered that, for many, we have provided the missing link security IT professionals are seeking. We have done this with the Beacon product suite.

No one wants to be another statistic. You’re doing your best to take the necessary steps to keep the network and its sensitive information safe from a data breach. It’s difficult to hear from the director of the FBI, no less, that there are two types of companies: “those who’ve been hacked…and those who don’t know they’ve been hacked.”

There is a better way. We can help you identify the source of exploits in real-time so you can shut them down before they do major damage. Contact us today to gain more clarity about all the ways Beacon can safeguard your network.

Incidents of unauthorized access to the network are one of three prevalent threats companies say they are combating, according to recent findings.

Each month, companies report seeing an average of:

17 malicious codes

12 sustained probes

10 unauthorized access incidents

While attackers seem to find increasingly sophisticated methods of accessing the network via malicious codes and sustained probes, there is a highly effective solution for blocking unauthorized access.

Protect your network against these threats

1. Require network authentication for all endpoints.

Establish a process that requires authentication for every endpoint attempting to access the network. At one time, people thought certain devices could not be authenticated (those without the ability to handle a supplicant or user credentials). As an alternative, they created whitelists to catalogue devices approved for the network. That meant these endpoints were identified by their MAC addresses only. Whitelisting is a vulnerable authentication method, since MAC addresses can easily be stolen and applied to rogue devices. Fortunately, technical innovations now provide the ability to authenticate all network-attached endpoints based on more than just a MAC address. This enables detection of any rogue or MAC-spoofed device attempting unauthorized access, along with full visibility of the entire network and each endpoint on it.

2. Keep a real-time inventory of endpoints accessing your network.

Gain a continuous understanding of what is touching your network. Employ tools that will discover all the endpoints currently accessing data and any new additions connecting to the network. The sheer volume may shock you. For a comprehensive inventory, you will need the most advanced profiling techniques available with the ability to see in-depth attributes. This will accelerate the discovery process with a very high rate of accuracy.

3. Monitor endpoints to detect uncharacteristic behavior.

Knowledge is power. Be aware of how each endpoint should behave, and monitor for uncharacteristic behavior in real-time so you’ll know about any deviations. Set up automated alerts to be notified when there is an activity that doesn’t match an endpoint’s expected behavior. Identity monitoring gives you an important advantage over criminals intent on gaining unauthorized access and stealing data. It can also be extremely useful for catching misconfigured or breached devices. The more comprehensive and granular your data is, the better you’ll be at thwarting the malicious activity.
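The three steps above can be sketched in a few lines. This is an added example, not Great Bay Software's code or the Beacon product's method: it contrasts a MAC-only whitelist with a check against a profiled inventory. The attribute names (a DHCP parameter-request fingerprint and a set of expected destination ports), the MAC addresses and the observations are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    device_class: str
    dhcp_fingerprint: str       # assumed attribute: DHCP option 55 request list
    allowed_ports: frozenset    # assumed attribute: ports this class normally uses

# Constructed inventory (step 2), keyed by MAC address.
INVENTORY = {
    "00:11:22:aa:bb:01": Profile("printer", "1,3,6,15,44,47",
                                 frozenset({53, 123, 631, 9100})),
    "00:11:22:aa:bb:02": Profile("ip-phone", "1,3,6,15,66,150",
                                 frozenset({53, 123, 5060})),
}

# Constructed observations: (MAC, DHCP fingerprint seen, destination port).
OBSERVATIONS = [
    ("00:11:22:aa:bb:01", "1,3,6,15,44,47", 9100),     # printer, as profiled
    ("00:11:22:aa:bb:02", "1,3,6,15,66,150", 445),     # phone using a file-share port
    ("00:11:22:aa:bb:01", "1,15,3,6,44,46,47,31", 443),  # printer MAC, other fingerprint
    ("de:ad:be:ef:00:09", "1,3,6,15", 80),             # MAC not in the inventory
]

def whitelist_allows(mac, inventory=INVENTORY):
    """MAC-only whitelisting: any device presenting a listed MAC passes."""
    return mac.lower() in inventory

def evaluate(mac, fingerprint, dst_port, inventory=INVENTORY):
    """Steps 1 and 3: compare an observation with the endpoint's profile."""
    profile = inventory.get(mac.lower())
    if profile is None:
        return ["unknown-endpoint"]
    findings = []
    if fingerprint != profile.dhcp_fingerprint:
        findings.append("identity-mismatch")          # possible spoofed MAC
    if dst_port not in profile.allowed_ports:
        findings.append("uncharacteristic-behavior")
    return findings

def triage(observations, inventory=INVENTORY):
    """Return (mac, findings) for every observation that needs attention."""
    alerts = []
    for mac, fingerprint, port in observations:
        findings = evaluate(mac, fingerprint, port, inventory)
        if findings:
            alerts.append((mac, findings))
    return alerts

if __name__ == "__main__":
    for mac, findings in triage(OBSERVATIONS):
        print(mac, ", ".join(findings))
```

The third observation passes the MAC-only whitelist but is flagged once the profile is compared, which is the gap step 1 describes.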

A trifecta of security in one solution

The recommendations above are illustrations of a few of the capabilities Great Bay Software’s Beacon product suite can provide you. The ability to detect and prevent incidents of unauthorized access in real-time is one of the reasons so many companies rely on our technology. We know network security will always be a constant battle, but there is – at least – one top threat that could be much more readily alleviated.

We want to help you operate with greater confidence knowing your infrastructure, and each element that constitutes it, is protected.

It is no surprise that the majority of network breaches are caused by malicious hackers seeking financial gain. They are continually learning more advanced, untried methods to evade network security measures and infiltrate corporate networks.

Even though you’re likely doing many things to guard against data theft and keep your organization safe, your network still may be vulnerable.

Despite the best attempts, a recent study indicates that 78 percent of organizations experienced at least one data breach in the past two years.

Critical elements of a security framework

1. Train employees to be vigilant against possible attacks. Your internal team members may be unknowingly putting your network at risk. Educate all employees on the threats they may be exposing your organization to and the potential risks this poses. Consider implementing an acceptable use policy for your company that contains clear guidelines on approved and prohibited websites, preferred Internet browsers and personal use rules. In addition, set rules concerning access requirements for both direct and remote connection.

2. Install anti-virus and anti-spyware programs from a trusted source. Applications to monitor and protect threats on your corporate computers are very valuable prevention tools. Because threats are always evolving, make sure the anti-virus and anti-spyware programs you install are renewed and updated regularly.

3. Restrict user access and gain comprehensive knowledge of who and what is on your network at all times. If you don’t have comprehensive visibility into your entire network, it’s left unprotected. A rogue device, to name one threat, may be able to gain undetected, unauthorized access and steal sensitive information. In order to keep the network safe, it’s imperative for your team to know about all the endpoints that are attached to it. Also, it’s important to ensure only users that need the information have access to sensitive materials. Lock critical files and require restricted access.

4. Encrypt sensitive data in use, at rest and in motion. A data-centric approach to guarding against a breach is an important part of complete protection. In many cases, it’s even required to be compliant with information security and privacy laws. Safeguarding data across the spectrum of use by the organization certifies its protection.

Filling cracks in the security foundation

The nature of these attacks is continually evolving and there are many instances of hackers exploiting overlooked security holes, like printers and HVAC systems. With the average cost of a data breach rising to $3.5 million, you want to be sure your Defense in Depth approach is providing the protection you need.

In concert with these efforts, what is truly needed is a warehouse of context about each network-attached endpoint and access control enforcement. The context will allow you to see what an endpoint is, whether it behaves in a way that is uncharacteristic of it, and where it was and is located so you can quickly respond to incidents. Authenticating each endpoint – even those that often remain overlooked, like printers – will allow you to prevent unauthorized access incidents.

At Great Bay Software, we specialize in supplying the complete network visibility needed to lay a strong security foundation. We welcome opportunities to discuss how we can help your organization take back control of the network.